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Amendments to the Claims : 

This listing of claims replaces all prior versions and listings of claims in the application: 
Listing of Claims : 

1-49. (Cancelled) 

50. (New) A method of monitoring connection transactions with access providers, the 
method comprising: 

receiving, at an intermediary device that is configured to facilitate communications 
between a requestor device and first and second access providing hosts, a first connection 
transaction request from the requestor device that requests access to the first access providing 

subsequent to receiving the first connection transaction request, receiving, at the 
intermediary device, a second connection transaction request from the requestor device that 
requests access to the second access providing host; 

determining, at the intermediary device, that the first connection transaction request 
resulted in a partially-completed connection transaction that reached a time out condition prior to 
receipt of an acknowledgement corresponding to the first connection transaction request; and 

based on the determination that the first connection transaction request resulted in a 
partially-completed connection transaction that reached a time out condition prior to receipt of an 
acknowledgement corresponding to the first connection transaction request, blocking, at the 
intermediary device, the second connection transaction request to prevent the second connection 
transaction request from reaching the second access providing host. 

5 1 . (New) The method of claim 50 wherein blocking, at the intermediary device, the 
second connection transaction request further comprises: 

identifying, at the intermediary device, the requestor device based on the second 
connection transaction request; 



Applicant : Christopher J. Wright et al. Attorney's Docket No.: 06975-074002 /Security 05- 

SerialNo. : 10/698,933 CON 
Filed : November 3, 2003 
Page : 3 of 16 

accessing, at the intermediary device, information identifying requestor devices from 
which the intermediary device has previously received a connection transaction request that 
resulted in a partially-completed connection transaction that reached a time out condition prior to 
receipt of an acknowledgement corresponding to the connection transaction request, the accessed 
information reflecting the determination that the first connection transaction request resulted in a 
partially-completed connection transaction that reached a time out condition prior to receipt of an 
acknowledgement corresponding to the first connection transaction request; 

comparing, at the intermediary device, the accessed information to the identified 
requestor device; and 

based on comparison results, determining, at the intermediary device, that the 
intermediary device previously received, from the requestor device, that first connection 
transaction request that requested access to the first access providing host and that resulted in a 
partially-completed connection transaction that reached a time out condition prior to receipt of an 
acknowledgement corresponding to the first connection transaction request. 

52. (New) The method of claim 50 wherein the intermediary device is a switch 
configured to perform load balancing techniques for communications directed to the first and 
second access providing hosts. 

53. (New) The method of claim 50 wherein determining, at the intermediary device, 
that the first connection transaction request resulted in a partially-completed connection 
transaction that reached a time out condition prior to receipt of an acknowledgement 
corresponding to the first connection transaction request comprises: 

accessing, at the intermediary device, a time out threshold; 

measuring, at the intermediary device, an amount of time that the intermediary has been 
waiting for an acknowledgement corresponding to the first connection transaction request; 

comparing, at the intermediary device, the measured amount of time to the time out 
threshold; and 
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determining, at the intermediary device, that the first connection transaction request 
resulted in a partially-completed connection transaction that reached a time out condition when 
the comparison reveals that the measured amount of time exceeds the time out threshold. 

54. (New) The method of claim 50 wherein, at the time of blocking the second 
connection transaction request, the intermediary device has not previously received, from the 
requestor device, a connection transaction request that requested access to the second access 
providing host and that resulted in a partially-completed connection transaction that reached a 
time out condition prior to receipt of an acknowledgement corresponding to the connection 
transaction request. 

55 . (New) The method of claim 50 wherein blocking, at the intermediary device, the 
second connection transaction request further comprises delaying termination of a partially- 
completed connection transaction based on the second connection transaction request to allow 
the intermediary device to continue monitoring communications from the requestor device to the 
second access providing host. 

56. (New) The method of claim 50 further comprising: 

determining, at the intermediary device, whether a return address included in the second 
connection transaction request differs from an actual return address of the requestor device; and 

blocking, at the intermediary device, the second connection transaction request in 
response to a determination that the return address included in the second connection transaction 
request differs from the actual return address of the requestor device. 

57. (New) The method of claim 56 wherein determining, at the intermediary device, 
whether the return address included in the second connection transaction request differs from the 
actual return address of the requestor device comprises determining, at the intermediary device, 
whether a return Internet protocol address included in the second connection transaction request 
differs from an actual return Internet protocol address of the requestor device. 
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58. (New) A networking device comprising: 
a processor; and 

a memory encoded with machine readable instructions that, when executed by the 
processor, operate to cause the processor to perform operations comprising: 

facilitating communications between a requestor device and first and second 
access providing hosts; 

receiving a first connection transaction request from the requestor device that 
requests access to the first access providing host; 

subsequent to receiving the first connection transaction request, receiving a 
second connection transaction request from the requestor device that requests access to 
the second access providing host; 

determining that the first connection transaction request resulted in a partially- 
completed connection transaction that reached a time out condition prior to receipt of an 
acknowledgement corresponding to the first connection transaction request; and 

based on the determination that the first connection transaction request resulted in 
a partially-completed connection transaction that reached a time out condition prior to 
receipt of an acknowledgement corresponding to the first connection transaction request, 
blocking the second connection transaction request to prevent the second connection 
transaction request from reaching the second access providing host. 

59. (New) The networking device of claim 58 wherein blocking the second 
connection transaction request further comprises: 

identifying the requestor device based on the second connection transaction request; 

accessing information identifying requestor devices from which the intermediary device 
has previously received a connection transaction request that resulted in a partially-completed 
connection transaction that reached a time out condition prior to receipt of an acknowledgement 
corresponding to the connection transaction request, the accessed information reflecting the 
determination that the first connection transaction request resulted in a partially-completed 
connection transaction that reached a time out condition prior to receipt of an acknowledgement 
corresponding to the first connection transaction request; 
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comparing the accessed information to the identified requestor device; and 
based on comparison results, determining that the intermediary device previously 
received, from the requestor device, the first connection transaction request that requested access 
to the first access providing host and that resulted in a partially-completed connection transaction 
that reached a time out condition prior to receipt of an acknowledgement corresponding to the 
first connection transaction request. 

60. (New) The networking device of claim 58 wherein the networking device is a 
switch configured to perform load balancing techniques for communications directed to the first 
and second access providing hosts. 

61 . (New) The networking device of claim 58 wherein determining, at the 
intermediary device, that the first connection transaction request resulted in a partially-completed 
connection transaction that reached a time out condition prior to receipt of an acknowledgement 
corresponding to the first connection transaction request comprises: 

accessing, at the intermediary device, a time out threshold; 

measuring, at the intermediary device, an amount of time that the intermediary has been 
waiting for an acknowledgement corresponding to the first connection transaction request; 

comparing, at the intermediary device, the measured amount of time to the time out 
threshold; and 

determining, at the intermediary device, that the first connection transaction request 
resulted in a partially-completed connection transaction that reached a time out condition when 
the comparison reveals that the measured amount of time exceeds the time out threshold. 

62. (New) The networking device of claim 58 wherein, at the time of blocking the 
second connection transaction request, the networking device has not previously received, from 
the requestor device, a connection transaction request that requested access to the second access 
providing host and that resulted in a partially-completed connection transaction that reached a 
time out condition prior to receipt of an acknowledgement corresponding to the connection 
transaction request. 



Applicant : Christopher J. Wright et al. Attorney's Docket No.: 06975-074002 / Security 05- 

SerialNo. : 10/698,933 CON 

Filed : November 3, 2003 

Page : 7 of 16 



63. (New) The networking device of claim 58 wherein blocking the second 
connection transaction request further comprises delaying termination of a partially-completed 
connection transaction based on the second connection transaction request to allow the 
intermediary device to continue monitoring communications from the requestor device to the 
second access providing host. 

64. (New) The networking device of claim 58 wherein the memory is further 
encoded with machine readable instructions that, when executed by the processor, operate to 
cause the processor to perform operations comprising: 

determining whether a return address included in the second connection transaction 
request differs from an actual return address of the requestor device; and 

blocking the second connection transaction request in response to a determination that the 
return address included in the second connection transaction request differs from the actual 
return address of the requestor device. 

65. (New) The networking device of claim 64 wherein determining whether the 
return address included in the second connection transaction request differs from the actual 
return address of the requestor device comprises determining whether a return Internet protocol 
address included in the second connection transaction request differs from an actual return 
Internet protocol address of the requestor device. 
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66. (New) A method of monitoring access requests to access providers comprising: 
observing, using an intermediary device other than an access providing host that assigns 

resources responsive to inbound access requests, information identifying a requestor based on 
receipt of the requestor's submission of an access request to a first access providing host; 

accessing, using the intermediary device, stored information identifying previous 
requestors, of the first access providing host as well as of other access providing hosts, that are 
determined to have submitted a previous access request that has timed out prior to submission of 
an acknowledgement corresponding to the previous access request; 

comparing, using the intermediary device, the observed information identifying the 
requestor to the stored information identifying previous requestors; 

when the comparison reveals that the requestor has submitted a previous access request 
that has timed out prior to submission of an acknowledgement corresponding to the previous 
access request, denying, using the intermediary device, the access request submitted by the 
requestor while denying passage of the access request to the first access providing host; and 

when the comparison reveals that the requestor has not submitted a previous access 
request that has timed out prior to submission of an acknowledgement corresponding to the 
previous access request: 

monitoring, using the intermediary device, a partially-completed connection 

transaction resulting from the access request to determine whether a time out condition 

occurs prior to requestor submission of an acknowledgement corresponding to the access 

request, and 

to the extent that a time out condition is determined to exist, adding, using the 
intermediary device, information identifying the requestor to the stored information 
identifying previous requestors for use in comparing against future requestors that submit 
an access request. 

67. (New) The method of claim 66 wherein denying, using the intermediary device, 
the access request submitted by the requestor while denying passage of the access request to the 
first access providing host comprises denying, using the intermediary device, the access request 
submitted by the requestor when the comparison reveals that the requestor has submitted, to an 
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access providing host other than the first access providing host, a previous access request that has 
timed out prior to submission of an acknowledgement corresponding to the previous access 
request. 



68. (New) The method of claim 66 wherein the intermediary device is a switch 
configured to perform load balancing techniques for communications directed to the first access 
providing host as well as the other access providing hosts. 

69. (New) The method of claim 66 further comprising: 

determining whether a return address included in the access request differs from an actual 
return address of the requestor's device; and 

denying the access request in response to a determination that the return address included 
in the access request differs from an actual return address of the requestor's device. 

70. (New) An networking device, other than an access providing host that assigns 
resources responsive to inbound access requests, comprising: 

a processor; and 

a memory encoded with machine readable instructions that, when executed by the 
processor, operate to cause the processor to perform operations comprising: 

observing information identifying a requestor based on receipt of the requestor's 
submission of an access request to a first access providing host; 

accessing stored information identifying previous requestors, of the first access 
providing host as well as of other access providing hosts, that are determined to have 
submitted a previous access request that has timed out prior to submission of an 
acknowledgement corresponding to the previous access request; 

comparing the observed information identifying the requestor to the stored 
information identifying previous requestors; 

when the comparison reveals that the requestor has submitted a previous access 
request that has timed out prior to submission of an acknowledgement corresponding to 
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the previous access request, denying the access request submitted by the requestor while 

denying passage of the access request to the first access providing host; and 

when the comparison reveals that the requestor has not submitted a previous 

access request that has timed out prior to submission of an acknowledgement 

corresponding to the previous access request: 

monitoring a partially-completed connection transaction resulting from the 
access request to determine whether a time out condition occurs prior to requestor 
submission of an acknowledgement corresponding to the access request, and 

to the extent that a time out condition is determined to exist, adding 
information identifying the requestor to the stored information identifying 
previous requestors for use in comparing against future requestors that submit an 
access request. 

71 . (New) A storage medium encoded with instructions that, when executed by a 
processing device, operate to cause the processing device to perform operations comprising: 

observing, using an intermediary device other than an access providing host that assigns 
resources responsive to inbound access requests, information identifying a requestor based on 
receipt of the requestor's submission of an access request to a first access providing host; 

accessing, using the intermediary device, stored information identifying previous 
requestors, of the first access providing host as well as of other access providing hosts, that are 
determined to have submitted a previous access request that has timed out prior to submission of 
an acknowledgement corresponding to the previous access request; 

comparing, using the intermediary device, the observed information identifying the 
requestor to the stored information identifying previous requestors; 

when the comparison reveals that the requestor has submitted a previous access request 
that has timed out prior to submission of an acknowledgement corresponding to the previous 
access request, denying, using the intermediary device, the access request submitted by the 
requestor while denying passage of the access request to the first access providing host; and 



Serial: 




Christopher J. Wright et al. 
10/698,933 
November 3, 2003 
11 of 16 



Attorney's Docket No.: 06975-074002 / Security 05- 
CON 



Page 



when the comparison reveals that the requestor has not submitted a previous access 
request that has timed out prior to submission of an acknowledgement corresponding to the 
previous access request: 

monitoring, using the intermediary device, a partially-completed connection 



occurs prior to requestor submission of an acknowledgement corresponding to the access 
request, and 

to the extent that a time out condition is determined to exist, adding, using the 
intermediary device, information identifying the requestor to the stored information 
identifying previous requestors for use in comparing against future requestors that submit 
an access request. 
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